Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hi Christophe,

On Mon, Sep 16, 2013 at 8:23 AM, Christophe Fergeau wrote:
> I've been looking into this today, and ended up adding a ssl-ca-file
> property to RestProxy (which OvirtProxy inherits from). This is needed
> in order to be able to use custom CA certificates for the REST https
> communication as the CA cert to use must be set on SoupSession objects
> which only RestProxy has access to.

There may be a slight omission in the librest upgrade, unless I'm missing something. There does not appear to be a host-subject property analogous to the one in the spice session class, is there?

Many thanks!
iordan

--
The conscious mind has only one thread of execution.
___
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hi Christophe,

On Mon, Sep 16, 2013 at 8:23 AM, Christophe Fergeau wrote:
> I've been looking into this today, and ended up adding a ssl-ca-file
> property to RestProxy

This is for the oVirt (non-spice-related) SSL encryption, right? This makes sense, and it will allow people with self-signed certificates to specify their CA to their remote viewer of choice and have the server certificate verified.

Thanks!
iordan

--
The conscious mind has only one thread of execution.

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hey,

On Fri, Sep 13, 2013 at 12:53:51PM -0400, i iordanov wrote:
> I hope this is not too much to ask, but would it be possible for OvirtProxy
> to have a ca-cert-file property as well as a ca-cert property? This way,
> supporting the spice-ca-file option as well as the existing aSPICE
> functionality will be much easier.

I've been looking into this today, and ended up adding a ssl-ca-file property to RestProxy (which OvirtProxy inherits from). This is needed in order to be able to use custom CA certificates for the REST https communication as the CA cert to use must be set on SoupSession objects which only RestProxy has access to.

Christophe

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hey Iordan,

On Sun, Sep 15, 2013 at 02:13:05PM -0400, i iordanov wrote:
> Hi Christophe,
>
> I've tested the function and made one small change (bytes had to be
> unref-ed before ca_file). This works for my purposes and solves my
> issue of not being able to download the file using glib network I/O.
> Would you be willing to include it in govirt? Notice that it
> automatically uses set_downloaded_ca_cert() to set the ca property of
> OvirtProxy.
>
> void ovirt_proxy_load_ca_cert_file (OvirtProxy *proxy,
>                                     const gchar *ca_file_name,
>                                     GError **error)
> {
>     GMappedFile *ca_file = NULL;
>     GBytes *bytes = NULL;
>     gconstpointer ca_data;
>     gsize cert_length = 0;
>
>     ca_file = g_mapped_file_new(ca_file_name, FALSE, error);
>     if (ca_file == NULL) {
>         goto error;
>     }
>
>     bytes = g_mapped_file_get_bytes(ca_file);
>     cert_length = g_bytes_get_size(bytes);
>     ca_data = g_bytes_get_data (bytes, &cert_length);

I think this can be done more simply using g_file_get_contents() rather than using a GMappedFile.

Christophe

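The thread's local-file approach reads a user-supplied CA file and installs it as the trust anchor for the REST connection; the sketch below reads the whole file into memory and refuses anything that is not a plausible PEM certificate bundle before it is handed on. It is an added example, not govirt or aSPICE code: plain C stdio stands in for g_file_get_contents() so it builds without GLib, and the names ca_pem_count and ca_file_load, the 1 MiB cap and the assumption that the CA file is PEM-encoded are illustrative.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CA_MAX_BYTES (1024 * 1024)  /* assumed cap for a CA bundle */
#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"
/* Constructed sample: PEM framing around dummy base64, not a real certificate. */
static const char SAMPLE_CA[] =
    "-----BEGIN CERTIFICATE-----\nTUlJQ2R1bW15\n-----END CERTIFICATE-----\n";

/* Count well-framed certificate blocks in NUL-terminated buf of length len.
 * Returns -1 for empty, oversized, NUL-containing, key-bearing or malformed input. */
int ca_pem_count(const char *buf, size_t len)
{
    const char *p = buf;
    int count = 0;
    if (len == 0 || len > CA_MAX_BYTES || strlen(buf) != len ||
        strstr(buf, "PRIVATE KEY-----") != NULL)
        return -1;
    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *body = p + strlen(PEM_BEGIN);
        const char *end = strstr(body, PEM_END);
        size_t b64 = 0;
        if (end == NULL)
            return -1;                  /* unterminated block */
        for (const char *c = body; c < end; c++) {
            if (isalnum((unsigned char)*c) || *c == '+' || *c == '/' || *c == '=')
                b64++;
            else if (!isspace((unsigned char)*c))
                return -1;              /* byte outside the base64 alphabet */
        }
        if (b64 == 0 || b64 % 4 != 0)
            return -1;                  /* empty or truncated body */
        count++;
        p = end + strlen(PEM_END);
    }
    return count;
}

/* Hypothetical loader (stdio stands in for g_file_get_contents()); caller frees. */
char *ca_file_load(const char *path, size_t *len_out)
{
    FILE *f = fopen(path, "rb");
    char *buf = f ? malloc(CA_MAX_BYTES + 2) : NULL;
    size_t n = buf ? fread(buf, 1, CA_MAX_BYTES + 1, f) : 0; /* +1 exposes oversize */
    if (f != NULL)
        fclose(f);
    if (buf == NULL)
        return NULL;
    buf[n] = '\0';
    if (ca_pem_count(buf, n) < 1) {
        free(buf);
        return NULL;
    }
    *len_out = n;
    return buf;   /* in govirt, these bytes would fill the ca-cert GByteArray */
}

int main(int argc, char **argv)
{
    size_t len = 0;
    char *ca = argc > 1 ? ca_file_load(argv[1], &len) : NULL;
    printf("sample blocks: %d, file: %s\n", ca_pem_count(SAMPLE_CA, strlen(SAMPLE_CA)),
           ca ? "accepted" : "rejected or not given");
    free(ca);
    return 0;
}
```

The check only confirms framing and encoding; whether the certificate is the right CA is still decided by the TLS verification that uses it.
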
Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hi Christophe,

I've tested the function and made one small change (bytes had to be unref-ed before ca_file). This works for my purposes and solves my issue of not being able to download the file using glib network I/O. Would you be willing to include it in govirt? Notice that it automatically uses set_downloaded_ca_cert() to set the ca property of OvirtProxy.

void ovirt_proxy_load_ca_cert_file (OvirtProxy *proxy,
                                    const gchar *ca_file_name,
                                    GError **error)
{
    GMappedFile *ca_file = NULL;
    GBytes *bytes = NULL;
    gconstpointer ca_data;
    gsize cert_length = 0;

    /* Map the CA file read-only; on failure GLib fills in *error. */
    ca_file = g_mapped_file_new(ca_file_name, FALSE, error);
    if (ca_file == NULL) {
        goto error;
    }

    bytes = g_mapped_file_get_bytes(ca_file);
    cert_length = g_bytes_get_size(bytes);
    ca_data = g_bytes_get_data (bytes, &cert_length);
    set_downloaded_ca_cert(proxy, (char*)ca_data, cert_length);

error:
    /* GBytes and GMappedFile are not GObjects; each has its own unref call. */
    if (bytes != NULL)
        g_bytes_unref(bytes);
    if (ca_file != NULL)
        g_mapped_file_unref(ca_file);
    return;
}

Thanks!
iordan

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hi Christophe,

If adding a ca-file property to OvirtProxy is not acceptable, would you consider adding (something like) the following function to ovirt-proxy.c?

Please note that this is a preliminary variant that I haven't tested much, and may not have enough error checking!

void ovirt_proxy_load_ca_cert_file (OvirtProxy *proxy,
                                    const gchar *ca_file_name,
                                    GError **error)
{
    GMappedFile *ca_file = NULL;
    GBytes *bytes = NULL;
    gconstpointer ca_data;
    gsize cert_length = 0;

    /* Map the CA file read-only; on failure GLib fills in *error. */
    ca_file = g_mapped_file_new(ca_file_name, FALSE, error);
    if (ca_file == NULL) {
        goto error;
    }

    bytes = g_mapped_file_get_bytes(ca_file);
    cert_length = g_bytes_get_size(bytes);
    ca_data = g_bytes_get_data (bytes, &cert_length);
    set_downloaded_ca_cert(proxy, (char*)ca_data, cert_length);

error:
    /* GBytes and GMappedFile are not GObjects; each has its own unref call. */
    if (ca_file != NULL)
        g_mapped_file_unref(ca_file);

    if (bytes != NULL)
        g_bytes_unref(bytes);
}

Cheers,
iordan

--
The conscious mind has only one thread of execution.

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hi Christophe,

I hope this is not too much to ask, but would it be possible for OvirtProxy to have a ca-cert-file property as well as a ca-cert property? This way, supporting the spice-ca-file option as well as the existing aSPICE functionality will be much easier.

Thanks!
iordan

--
The conscious mind has only one thread of execution.

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hi Christophe,

I read through some govirt code, and I think you're right that gvfs is only used during the fetching of the certificate. If that's the case, I will start by not fetching the CA automatically, but requiring users to provide it to aSPICE the same way as they have to provide it for a simple SPICE connection (within the "Import CA" dialog in aSPICE, which is analogous to the --spice-ca-file option in virt-viewer). I think this will work for most if not all people.

Thanks again!
iordan

--
The conscious mind has only one thread of execution.

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hi Christophe,

It is currently very hard, bordering on impossible to build gvfs for Android, because it ends up depending on GTK. The sequence of dependencies is:

glib network I/O -> gvfs -> libsoup-gnome -> gnome-keyring -> gcr-3 -> gcr-ui-3 -> GTK

The glib guys are arguing that this is not a bug, since it's just a dependency that's missing, but I am trying to convince them that the low-level glib should not end up depending on a UI library...

Hence for the moment, I absolutely cannot use glib network I/O. Can you tell me, since you've written libgovirt, do you think it's possible to add functionality to *it* rather than writing workarounds for client software? I could work around this issue in aSPICE, but that would not help for any other client on any other platform that doesn't have GTK.

Regardless of whether you do agree it's best if govirt either stopped relying on glib network file I/O or had an option to use a different method, what library would you say would be best suited to replace all the network file I/O operations that you have in govirt with a download -> local file I/O sequence? Libcurl comes to mind, but perhaps libsoup is better suited for the purpose in your opinion?

Thanks in advance for any help or advice you can offer.

Sincerely,
iordan

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hey Iordan,

On Thu, Sep 12, 2013 at 01:11:45PM -0400, i iordanov wrote:
> Hi Christophe,
>
> It is currently very hard, bordering on impossible to build gvfs for
> Android, because it ends up depending on GTK. The sequence of
> dependencies is:
>
> glib network I/O -> gvfs -> libsoup-gnome -> gnome-keyring -> gcr-3 ->
> gcr-ui-3 -> GTK
>
> The glib guys are arguing that this is not a bug, since it's just a
> dependency that's missing, but I am trying to convince them that the
> low-level glib should not end up depending on a UI library...
>
> Hence for the moment, I absolutely cannot use glib network I/O. Can
> you tell me, since you've written libgovirt, do you think it's
> possible to add functionality to *it* rather than writing workarounds
> for client software? I could work around this issue in aSPICE, but
> that would not help for any other client on any other platform that
> doesn't have GTK.
>
> Regardless of whether you do agree it's best if govirt either stopped
> relying on glib network file I/O or had an option to use a different
> method, what library would you say would be best suited to replace all
> the network file I/O operations that you have in govirt with a
> download -> local file I/O sequence? Libcurl comes to mind, but
> perhaps libsoup is better suited for the purpose in your opinion?

Could you try what I suggested in http://lists.freedesktop.org/archives/spice-devel/2013-September/014430.html ? I think gvfs is only used if you use the helpers to fetch the certificate, and the rest of the code is just doing calls into librest/libsoup which I think are not using gio/gvfs. If this is correct, then I think it's not a big issue that you don't have gvfs on your platform. If it is, I'll have to look where/how it's used to figure out how to work around this.

Hope that helps,

Christophe

Re: [Spice-devel] oVirt support in aSPICE stalled due to broken network file I/O
Hey Iordan,

On Mon, Sep 09, 2013 at 03:08:58PM -0400, i iordanov wrote:
> I've been looking at adding oVirt support to aSPICE, and at the moment I'm
> completely stuck because of some glib functionality not working on Android.
> The library govirt uses glib's convenient support for network file I/O (for
> fetching certificates, VMs, etc.), but because of gio's reliance on gvfsd,
> network file I/O does not operate on Android.
>
> I've reported the bug to GNOME here:
> https://bugzilla.gnome.org/show_bug.cgi?id=707796
>
> but this will take a very long time to be fixed if it gets fixed at all.
>
> In the meanwhile, (Christophe), do you think it's feasible to work around
> this issue by augmenting govirt with some alternate methods of reading
> files from the oVirt proxy (i.e. outside glib, download the file to a
> temporary location and open it as a local file, etc.)?

To get the oVirt CA certificate, you don't have to use the ovirt_proxy_fetch_ca_certificate* functions, you can fetch it from your application using the API that is more convenient to you and then set the OvirtProxy::ca-cert property. This property is a GByteArray.

Regarding the rest of the interaction with oVirt, this is done through the REST API using librest/libsoup, I'm not sure they need gvfsd to work as expected.

Hope that helps,

Christophe